Selective Forgery of RSA Signatures Using Redundancy

  title={Selective Forgery of RSA Signatures Using Redundancy},
  author={Marc Girault and Jean-François Misarsky},
We show the weakness of several RSA signature schemes using redundancy (i.e. completing the message to be signed with some additional bits which are fixed or message-dependent), by exhibiting chosen-message attacks based on the multiplicative property of RSA signature function. Our attacks, which largely extend those of DeJonge and Chaum [DJC], make extensive use of an affine variant of Euclid's algorithm, due to Okamoto and Shiraishi [OS]. When the redundancy consists of appending any fixed… CONTINUE READING